California Bitcoin exchange proves to be weak point for amateur Colonial Pipeline hackers


2021 Jun 7, 5:29pm   263 views  7 comments

by Patrick

https://dossier.substack.com/p/the-colonial-pipeline-hack-the-russians?token=patrick.net

Top Department of Justice officials claimed to strike a major blow against the culprits of the Colonial Pipeline cyber ransomware attack Monday, announcing that they had seized almost all of the funds paid to the hacking group responsible for facilitating the hack. ...

Now, here’s where things get weird:

In their triumphant statements this morning, the DOJ claimed to have seized the funds from the hackers...

Now, the DOJ does appear to have secured the funds, but not in the fashion that it is being advertised by federal officials and widely reported in the corporate press. ...

A DOJ warrant from Monday morning gives us much more detail about how the government actually secured the bitcoin funds. They did so by putting legal pressure on a bitcoin wallet or exchange that had servers in Northern California. Yes, you read that correctly. These alleged Russian hackers did not in fact have custody over their bitcoin. Instead, they were using a custodian for their funds with servers in the United States. Using a custodian for your funds instead of maintaining possession of them is a very basic error, especially for an allegedly sophisticated hacking gang. Given that bitcoin transactions are publicly available, it was easy for the feds to track the funds transferred from Colonial to this hacking outfit, as Colonial’s initial transfer to the hackers’ wallet is public information. All they had to do was “follow the money,” which amazingly made its way into a U.S. based custodial address.

The latest events surrounding the Colonial Pipeline drama simply do not square with the narratives coming out of the Biden Administration and its stenographers in the corporate press. We were told this much-hyped hacking group of alleged Russians posed a serious threat to our entire critical infrastructure, yet in the same breath happened to have committed a laughably amateurish bitcoin custody faux pas that allowed for the feds to easily take back possession of the ransom funds. ...

In my opinion, this ransomware attack was successful largely due to Colonial’s lack of basic security measures in place. Similar to the notorious DNC emails hack (with the same claimed Russian government culprits), where John Podesta’s password was literally the word password, the hackers succeeded because Colonial had no measures in place to protect themselves. Everything else in the timeline going back to early May seems blown way out of proportion. Despite the claims made by some powerful people in D.C., there is no compelling evidence that this incident was some kind of Kremlin-directed operation to decimate America’s critical infrastructure.

In the end, the Russians and Bitcoin are not the antagonist actors in this story, though the DOJ seems more than happy to promulgate both of these narratives. Once the feds were able to identify that this bitcoin “hot wallet” (as opposed to an offline bitcoin wallet that is controlled by the hackers themselves) was connected to servers in the United States, it became a routine process to seize the funds through legal channels. The real issue is how horrifically poorly our infrastructure is protected in this nation, to the point where a cheap ransomware attack by unnamed actors can result in a nationwide energy crisis. The story has nothing to do with U.S. adversaries and digital currencies, but with unbelievable incompetence and neglect on the part of Colonial and our overall security apparatus. It's called critical infrastructure for a reason.
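The "follow the money" step the article describes (a public payment address, a chain of transactions, and a final hop into a custodial address that can be reached with legal process) is essentially a graph search over the ledger. The script below is an added example and is not part of the article, Patrick's post, or any DOJ material: the ledger, the address names, the amounts and the custodian attribution list are all constructed, and the BTC values are placeholders rather than figures from the case. It shows the tracing logic that investigators and exchange compliance teams apply, and why a self-custodied (offline) wallet would stop the trail at an address nobody can be compelled to freeze.

```python
"""Forward-tracing funds on a public ledger to a tagged custodial address.

Added example with a constructed ledger; nothing here is real chain data.
"""
from collections import deque

# Constructed transaction graph:
#   txid -> (addresses spent as inputs, [(output address, amount)])
# Amounts are placeholder BTC values chosen for illustration only.
LEDGER = {
    "tx_ransom":    (["victim_addr"],      [("attacker_hot_1", 100.0)]),
    "tx_split":     (["attacker_hot_1"],   [("attacker_hot_2", 85.0),
                                            ("affiliate_addr", 15.0)]),
    "tx_deposit":   (["attacker_hot_2"],   [("exchange_deposit_9f", 85.0)]),
    "tx_unrelated": (["someone_else"],     [("other_addr", 1.0)]),
}

# Constructed attribution list: addresses known to belong to a custodian
# (an exchange or hosted wallet that controls the keys, so it can be served
# with a warrant). Self-custodied addresses never appear in such a list.
KNOWN_CUSTODIANS = {
    "exchange_deposit_9f": "hypothetical custodial exchange, US-hosted",
}


def build_spend_index(ledger):
    """Map each address to the transactions that later spend from it."""
    index = {}
    for txid, (inputs, _outputs) in ledger.items():
        for addr in inputs:
            index.setdefault(addr, []).append(txid)
    return index


def trace_to_custodian(ledger, start_address, custodians):
    """Breadth-first search forward from start_address along transaction
    outputs. Returns the first path [addr, txid, addr, txid, ..., addr] that
    lands on a custodian address, or None if every branch ends in an
    address nobody but its key holder controls."""
    spend_index = build_spend_index(ledger)
    queue = deque([(start_address, [start_address])])
    seen = {start_address}
    while queue:
        addr, path = queue.popleft()
        if addr in custodians:
            return path
        for txid in spend_index.get(addr, []):
            for out_addr, _amount in ledger[txid][1]:
                if out_addr not in seen:
                    seen.add(out_addr)
                    queue.append((out_addr, path + [txid, out_addr]))
    return None


def deposited_amount(ledger, path):
    """Amount delivered to the final address of a trace path by its last hop."""
    if not path or len(path) < 3:
        return 0.0
    last_txid, final_addr = path[-2], path[-1]
    return sum(amt for addr, amt in ledger[last_txid][1] if addr == final_addr)


if __name__ == "__main__":
    # The victim's payment is public, so the payee address is the starting point.
    path = trace_to_custodian(LEDGER, "attacker_hot_1", KNOWN_CUSTODIANS)
    if path is None:
        print("trail ends in self-custodied addresses; nothing to serve process on")
    else:
        print("trail:", " -> ".join(path))
        print("custodian:", KNOWN_CUSTODIANS[path[-1]])
        print("reachable amount:", deposited_amount(LEDGER, path))
```

The search deliberately follows every output, not just the largest one, because splitting a payment across several addresses is the usual first move; the affiliate branch in the constructed data is explored and simply dead-ends. A real investigation adds clustering heuristics and exchange KYC records on top of this, but the core dependency is the same: the trail only becomes actionable when it reaches an address whose keys are held by a party that can be compelled.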

Comments 1 - 7 of 7

1   Eric Holder   2021 Jun 7, 5:47pm  

At this point I won't be surprised if it turns out it was an inside job.
2   Ceffer   2021 Jun 7, 6:08pm  

Eric Holder says
At this point I won't be surprised if it turns out it was an inside job.

Yup. We are in the era where the burden of proof has flipped from presumptive credibility to 'false flag until proven otherwise'.
3   Eric Holder   2021 Jun 7, 6:15pm  

Ceffer says
Eric Holder says
At this point I won't be surprised if it turns out it was an inside job.

Yup. We are in the era where the burden of proof has flipped from presumptive credibility to 'false flag until proven otherwise'.


I'm thinking more along the lines of an employee(s) deliberately leaving a backdoor open and then staging the attack to grab some "fuck-you money" from the company.
4   EBGuy   2021 Jun 7, 7:42pm  

One does wonder if the negotiation went something like this.
DOJ: Hi friendly hacker person. I hear you know where the Bitcoin is.
Darkside hacker in Russia: Buzz off you lackey.
DOJ: Please return 85% of ransom. You can keep the remaining as a finder's fee.
Darkside hacker: Get bent.
DOJ: There is a drone overhead and CIA has authorized missile launch in the next minute.
Darkside hacker: I just transferred the Bitcoin to a California based custodial account.
DOJ: Thank you. Win-win.
5   Hircus   2021 Jun 7, 8:39pm  

There's a chance the money they seized had already been used as a payment or purchase, and so the current owner didn't suspect the funds were illegitimate, and so saw no problem with keeping the money in an exchange. But also seems likely maybe the hackers just thought it was safe from seizure.

This makes me wonder what clever ways they will come up with in the future to launder crypto. It seems too easy to follow the transaction trail.
6   Misc   2021 Jun 8, 9:10am  

... BUT...BUT...BUT... Russia
7   EBGuy   2021 Jun 8, 3:00pm  

Hircus says
There's a chance the money they seized had already been used as a payment or purchase

That would be pretty funny if it was Tesla's account (and would explain some of Elon Musk's latest musings...)
